[00:00.640 --> 00:08.000]  The first time the Packet Hacking Village ran a talks track was at DEF CON 21 in 2013.
[00:08.720 --> 00:15.980]  Each year since then, Mike Raggo and Chet Hosmer have given a talk at the Packet Hacking Village.
[00:16.040 --> 00:23.340]  However, they have not given the opening talk at the Packet Hacking Village until now.
[00:23.380 --> 00:29.460]  It is my pleasure to introduce to you, old friends and supporters, Mike Raggo and Chet Hosmer
[00:29.460 --> 00:34.720]  with their talk, Media Analysis of Disinformation Campaigns.
[00:37.330 --> 00:40.670]  Hi everyone and welcome to DEF CON 28.
[00:41.010 --> 00:45.730]  We are going to be talking today about media analysis of disinformation campaigns.
[00:45.730 --> 00:50.170]  I'm Chet Hosmer. I'm going to do a quick introduction of the talk and then I'm going to turn it over to Mike Raggo
[00:50.710 --> 00:53.650]  who is going to kind of dive into this topic a little bit deeper.
[00:53.650 --> 00:55.930]  But I want to at least set the stage for you.
[00:55.930 --> 00:59.270]  First of all, Mike and I have worked together for many, many years.
[00:59.270 --> 01:09.370]  We created a book together called Data Hiding where some of the information here is relevant or related to the work that we've done in data hiding and steganography.
[01:09.370 --> 01:13.210]  So, I want to kind of give you just a quick introduction to the talk today.
[01:14.630 --> 01:19.370]  So, the threat. You know, what are we worried about here with these disinformation campaigns?
[01:19.370 --> 01:22.370]  And we're going to focus a lot on media today.
[01:22.370 --> 01:27.750]  In other words, multimedia content that is included as part of these disinformation campaigns.
[01:27.750 --> 01:34.990]  So, today the internet and social media are filled with a lot of multimedia content.
[01:35.070 --> 01:40.690]  Most of this is relatively harmless and in many cases can be quite useful.
[01:41.290 --> 01:48.490]  These multimedia events basically communicate knowledge in the forms of training and information sharing.
[01:48.490 --> 01:51.810]  New ideas, new concepts, even new thinking.
[01:51.850 --> 01:54.000]  And of course, pictures and videos of our pets.
[01:54.000 --> 02:12.720]  However, a growing percentage of multimedia content has been manipulated in order to deceive and change the way we think, people think, act, react, believe, and can ultimately cause harm because they're fake, because they're untrue.
[02:12.720 --> 02:25.560]  The simple question then is, how do we tell the difference between real and fake, fact and fiction, and I guess ultimately, good and evil?
[02:26.400 --> 02:32.600]  So, with that quick introduction, let me turn it over to my good friend, Mike Raggo, to kind of take you through the next section.
[02:32.600 --> 02:39.140]  So, we thought we would begin by talking a little bit about the different types of disinformation campaigns.
[02:39.140 --> 02:44.300]  There's certainly a variety of disinformation campaigns that we see in today's world.
[02:44.360 --> 02:58.560]  Certainly with COVID or the coronavirus being top of mind for many folks, there's a variety of disinformation that is inspiring mass hysteria across people all around the world, including here in the United States.
[02:58.560 --> 03:14.730]  And that's inspired by a variety of media, video, images of people suffering from the coronavirus, remedies that are available for it, cities or locations that have been heavily impacted by the coronavirus.
[03:15.280 --> 03:22.100]  And as a result, inspiring a lot of concerns and risks associated with that.
[03:22.100 --> 03:45.980]  In addition, there continues to be a huge uptick in political disinformation as well. We've seen with politics in Brazil, here in the United States, and other locations all around the world, where we have different candidates spreading different forms of disinformation, as well as various groups and organizations and individuals also inspiring that as well.
[03:46.780 --> 03:54.800]  Some of the less familiar ones that we see out there, but still very impactful, are things like catfish fake rallies.
[03:54.800 --> 04:03.620]  This is a technique used through social media to actually inspire a rally, one that hasn't been planned yet.
[04:03.620 --> 04:13.800]  And so someone will create a fictional event and post it across Facebook, across Twitter, other social media outlets.
[04:13.800 --> 04:26.440]  And then in doing so, to garner attention around it, the creator will then send things like private messages to other social media users, asking them to attend and repost it.
[04:26.820 --> 04:37.700]  And then this is eventually turned over to a larger group whose message is inspired by this, to have them also promote it to a broad base of users.
[04:37.700 --> 04:50.860]  The intent behind this type of thing is to actually form a rally in some cases, and in doing so, support a specific narrative supported by a large organization who supports that narrative.
[04:50.860 --> 05:06.380]  And the underlying tone being, in a way, kind of manipulating people and really getting them to join a particular rally, all based on an original fake type of catfish.
[05:06.380 --> 05:21.380]  And then other things that we see also involve malware. So in the case of malware, we've seen things such as phishing or vishing attacks, where fake audio is used to impersonate an executive.
[05:21.380 --> 05:34.920]  It may be spliced together, different pieces of audio from recordings that have been found online and elsewhere, to create a message that is sent to one or more executives, someone in the accounting department,
[05:34.920 --> 05:45.300]  or to customers of that company or that organization, informing them that, say, the account information that needs to be paid has changed.
[05:45.300 --> 05:53.780]  The bank information has changed and inspired them to make payment to a particular account different from the original they have on file.
[05:53.800 --> 06:00.320]  So a lot of these information campaigns inspire a lot of different narratives and a lot of different results.
[06:00.320 --> 06:09.980]  Again, kind of our focus here in this particular presentation is actually taking a closer look at the media tied to a lot of those disinformation campaigns.
[06:12.820 --> 06:20.180]  In terms of political disinformation, here's just one of many examples that are out there.
[06:20.180 --> 06:31.570]  In this particular one, a congressman actually tweeted a fake photo of Obama meeting with the Iranian President Rouhani, when actually this was an altered image.
[06:31.820 --> 06:44.920]  And the original image was really of Obama meeting with former Indian Prime Minister Manmohan Singh to talk about nuclear laws and things of that nature.
[06:44.920 --> 07:01.360]  And so it was soon discovered that not only as a result of the photo, but furthermore, the placement of these people at different points in time was that they didn't actually meet at the time at which this photo was representative of them actually meeting together.
[07:01.360 --> 07:05.740]  So based on the timeline, these two people were not in the same place at the same time.
[07:05.820 --> 07:13.580]  But furthermore, upon further analysis, it was determined that this image was actually fake and that someone had modified it from the original.
[07:16.580 --> 07:28.220]  Some of the research that we've done involves leveraging many of the cool capabilities available within AWS, such as Rekognition and the ML built into that.
[07:28.220 --> 07:38.480]  And in doing our research, we've created a number of systems that allow for deep analysis around these types of things.
[07:38.480 --> 07:58.180]  For example, taking this particular image and running it through AWS's Rekognition and machine learning, based on some modifications we made, actually allows you to identify some very interesting characteristics to help identify when there are altered forms of media, in this case an image.
[07:58.180 --> 08:07.440]  For example, in terms of identifying items and objects within the photo, provides the ability to understand context.
[08:07.440 --> 08:17.960]  And in this case, you can see that there are individuals that are identified, various flags, accessories, person wearing a pin or a tie.
[08:17.960 --> 08:30.400]  And those things become more important in building out the broader picture and trying to understand when an altered piece of media, in this case an image, is actually used.
[08:33.320 --> 08:45.720]  In addition, it can also bring out facial attributes, where you can see and understand expressions, and in addition, understand what people are wearing within the photo.
[08:45.720 --> 08:54.840]  And in addition, things such as whether they're happy, they're sad, and other types of characteristics related to their facial attributes.
[08:59.390 --> 09:14.290]  If we go back to the original photo, the one from which the altered image or the fake image was actually created from, and we run that through the tool as well, we can further identify other characteristics that we can compare to the fake photo.
[09:14.490 --> 09:26.770]  In this case, we additionally identify other characteristics, not only beyond the fact that there's a different individual in the photo than in the fake photo, but also characteristics of that image.
[09:26.770 --> 09:44.710]  Interesting aspects of this image was a different color turban that the individual is actually wearing, and how that was actually... pieces of that were left over in the fake photo when splicing in a different individual within the photo itself.
[09:44.710 --> 10:03.850]  In addition, there were kind of blocky components of the fake photo related to the individual that was spliced over and into that fake image, whereby structures of the face were along the line, and some other characteristics that came out of some of the analysis too.
[10:06.470 --> 10:34.830]  So, interesting aspects related to this. In looking at traditional media and trying to understand some of the metadata and characteristics of those images involved looking at metadata and really understanding the photographer or the source of that image or what camera was used to take that photo, and even sometimes some of the location information included in that metadata.
[10:34.830 --> 10:57.750]  But as we've demonstrated over the last number of years, actually the last roughly 20 years that we've been presenting across DEF CON, Sky Talks, Wall of Sheep, and other conferences as well, is that, as we know today, social media largely strips off a lot of this metadata, and furthermore, recompresses media, whether that be an image, audio, or video.
[10:57.750 --> 11:06.690]  And through that recompression, actually further morphs and changes the content of that actual media.
[11:07.310 --> 11:26.070]  And therefore, really in today's world, getting beyond the metadata and really looking at many of the characteristics we've shown so far becomes increasingly important in terms of doing this deeper analysis of altered media, in this case, images of which we talked about up until now.
[11:31.150 --> 11:40.210]  We stood up a different ML type of environment within AWS that leverages video analysis, too.
[11:40.330 --> 11:53.330]  We took a video from a presentation we did in DEF CON 25, where Dr. Phil Tully and myself presented "A Picture is Worth a Thousand Words, Literally."
[11:53.330 --> 12:00.410]  And so that presentation garnered the attention of CNN at the time, and so we did a TV interview.
[12:00.450 --> 12:07.950]  And so I took that video and ran it through the video analysis tool to see what type of things it could identify.
[12:09.250 --> 12:21.770]  AWS Rekognition and the other things that are built into many of the capabilities allow you to understand things such as what objects are in the video, but furthermore, how often do they show up?
[12:21.770 --> 12:25.570]  And where in the video timeline do they show up?
[12:25.570 --> 12:40.250]  A lot of these so-called forensic data points can be really helpful and really important in terms of building out and understanding analysis around disinformation campaigns in general,
[12:40.250 --> 12:57.470]  and the types of things within those images that may identify the source of that image, understanding and placement of people or objects at different points in time, a video that may claim to be recorded in New York when actually objects in the video are located in San Francisco.
[12:57.470 --> 13:00.710]  So there's a lot of interesting characteristics that can come out of this.
[13:05.330 --> 13:10.910]  One of those things is being able to look in more detail at those objects.
[13:10.910 --> 13:24.270]  And in doing so, you can see here that it'll pull out and identify a plethora of different objects, how frequently they show up, and where in the video timeline do they show up?
[13:24.270 --> 13:27.990]  And this can also be really helpful from a forensic standpoint.
[13:27.990 --> 13:37.010]  Traditional methods, we would take a look at an image or we would take a look at a video and try to identify interesting characteristics kind of using that human analysis.
[13:37.170 --> 13:52.570]  Now is the ability to actually pull that out in an automated way, leveraging machine learning and leveraging all of that deep analysis to bring out a lot of those characteristics across OCR, NLP, and many other things.
[13:52.750 --> 13:55.930]  And this also does work with images as well.
[13:55.930 --> 13:59.530]  Remember that a video is just comprised of multiple images.
[14:03.090 --> 14:07.670]  It'll also leverage things like optical character recognition or OCR.
[14:07.670 --> 14:12.350]  And this allows you to pull out words from objects identified within the video.
[14:12.350 --> 14:22.570]  This could be things like a license plate or a sign or a logo on the side of a vehicle or a building or something else, even a logo on somebody's T-shirt.
[14:22.570 --> 14:36.870]  These all become really, really important in terms of understanding all the data and the analysis of that to understand things that have inspired the disinformation campaign and characteristics of that video or that image.
[14:39.790 --> 14:46.710]  One important aspect to this, though, is that old school methods still apply.
[14:46.710 --> 15:09.010]  And what we mean by that is old school methods of analyzing images, analyzing things, and understanding when there are different types of text within an image is that with old school methods, we could actually take a look at a black background and identify where there's embedded text within that.
[15:09.010 --> 15:18.330]  So if there's only one or two shade difference for that text compared to the black background, can OCR actually identify that?
[15:18.330 --> 15:23.730]  What we found is that actually it does not do a very good job of identifying that.
[15:23.730 --> 15:36.230]  So blending kind of those old school, a little bit more manual analysis techniques with current day aspects of OCR combined really provide a much better strategy overall.
[15:37.350 --> 15:42.530]  But that said, AWS's Textract is actually super awesome.
[15:42.890 --> 15:50.910]  There are a lot of features and capabilities in here that would take a long time trying to accomplish using old school manual methods.
[15:50.990 --> 16:02.570]  So actually using this to perform the OCR analysis can allow you to bring out a lot of the aforementioned objects and text and things like that within an image.
[16:02.570 --> 16:07.090]  And as a result, help you identify those.
[16:07.090 --> 16:14.310]  But if there are minor subtleties, such as in this case, text on a black background, it may miss that.
[16:15.590 --> 16:28.490]  And that's something that we actually tested using AWS Textract is that when taking this type of image and putting it into the tool, it simply just didn't identify any text within that particular image.
[16:31.320 --> 16:36.520]  But again, kudos to AWS. I mean, Textract is a fantastic tool.
[16:37.560 --> 16:45.620]  In addition, we can also do video analysis and extract the audio. And in doing so, there's a lot of interesting data points there.
[16:45.740 --> 16:58.960]  The speech recognition built into what AWS provides and what we build out in the tool set allows you to identify those key phrases from the transcript of what is being mentioned during that video.
[16:58.960 --> 17:10.420]  From here, you can identify the frequency at which much of that occurs, such as how often are certain phrases or words used throughout the video.
[17:10.700 --> 17:21.400]  And in analyzing that, understanding what type of lingo does that individual normally use versus what's actually being said in the video.
[17:24.790 --> 17:45.080]  Also, the speech recognition can identify other characteristics, such as people's names and things that are mentioned within the video, dates, countries, quantities of items, and things of that nature too.
[17:45.080 --> 17:58.120]  So what may be really helpful is that if there are multiple individuals talking and some of it's in the background, some of it does have the capability to pick up on some of that as well and really provide analytics around that.
[17:58.120 --> 18:05.460]  And also in the context of where that audio or that word or that phrase was mentioned in the timeline.
[18:07.540 --> 18:19.160]  So bringing this all together, the video analysis and going beyond just deep fakes in general, disinformation is more than deep fakes.
[18:19.160 --> 18:27.540]  And what we mean by that is there are a lot of other attributes we've talked about so far related to a video that can also be key.
[18:27.540 --> 18:40.980]  So although there's some great AI around understanding and identifying deep fakes, also all of this additional analysis is super important into understanding the fake narrative.
[18:40.980 --> 18:57.860]  These attributes, as we've mentioned, that drive these false narratives may be individuals that are in the video or objects, any type of identified words or lingo, and facial expressions and even human characteristics.
[18:58.200 --> 19:07.180]  And this is particularly important in today's world of social media where metadata is less and less found across the different forms of media.
[19:11.230 --> 19:20.430]  In addition, if we kind of take a look at the old school steganography problem, is there something embedded in this image?
[19:20.750 --> 19:32.790]  The big challenge that's always existed is, well, I don't have the original file before that data was embedded in that image, so it becomes more difficult to identify that.
[19:32.790 --> 19:47.090]  I can't do a hash of the original and a hash of the modified image with the hidden data in it because I don't have the original image. Same thing goes for a diff or other types of techniques that you could use.
[19:47.090 --> 19:58.330]  But although hashing may not work in these circumstances, ML, NLP, OCR, facial and object recognition, all of these things do actually work particularly well.
[19:59.330 --> 20:13.490]  And understanding the behavioral changes of a social media account or website over time is also super, super helpful in understanding the timeline and behavioral changes across that social media account.
[20:14.570 --> 20:33.470]  And also, in addition, is the source of the additional media and being able to collect that over the timeline and actually run that through the machine learning to build out a profile for that individual, for that account. What are the normal behaviors and do we see a deviation of that?
[20:35.030 --> 20:42.370]  So social media accounts can change over time, especially when they're taken over.
[20:42.370 --> 20:53.470]  And so in this particular case here, this is just one of numerous examples where an innocent individual had their account taken over and turned into a zombie account.
[20:53.470 --> 21:04.390]  And whoever took over that account then used it to inspire disinformation campaigns by posting a lot of disinformation around the coronavirus.
[21:04.690 --> 21:19.190]  And over that time frame, characteristics of how that account changed was not only the background, but also the name, the language, and a variety of other things in terms of the type of content posted.
[21:19.190 --> 21:35.290]  So monitoring this over a timeline can help gather a much more broad corpus of media to really identify characteristics of the disinformation, characteristics of how it's been weaponized, and characteristics of their TTPs.
[21:35.290 --> 21:37.390]  And with that, I'll turn it over to Chet.
[21:39.070 --> 21:42.530]  So let's take a look at some sample fake images.
[21:42.530 --> 21:52.330]  I know we're so interested in audio and video and other things, but remember, videos within multimedia are just made up of images and audio clips, right?
[21:52.330 --> 21:57.530]  So typically JPEGs and MP3s within, let's say, an MP4 kind of environment.
[21:57.530 --> 22:07.850]  But let's take a look at some images and we'll talk about how we break those down and how we actually approach the process of detecting anomalies within.
[22:07.850 --> 22:11.550]  Before we do that, we should take a look at a few fakes to see what they actually look like.
[22:12.210 --> 22:17.230]  So here's one. This is actually a really good one because it was actually produced by a studio.
[22:17.230 --> 22:21.950]  So this was actually produced by Paramount Pictures in the Baywatch movie.
[22:21.950 --> 22:28.190]  So we've got Zac Efron and Dwayne Johnson here kind of walking away from a beach scene.
[22:28.210 --> 22:34.150]  In this particular clip, neither one was actually in the shot together.
[22:34.150 --> 22:38.270]  They were separate and they were pasted together with this particular background.
[22:38.270 --> 22:40.430]  So we're going to take a look at that in a minute to see.
[22:40.430 --> 22:46.230]  Now you notice this particular image with Dwayne Johnson's tattoos and that kind of stuff.
[22:46.230 --> 22:51.450]  You would expect us to be able to get some false positives, let's say, within those particular areas.
[22:51.450 --> 22:54.090]  We're going to talk about how we can actually avoid those.
[22:54.530 --> 23:01.570]  This is a really old one. This was the cover of National Geographic magazine back in February 1982.
[23:01.570 --> 23:06.410]  And I bring this one up because this again was produced by a professional organization.
[23:06.410 --> 23:14.310]  What they've done is move the pyramids closer together and added the camel riders to the foreground of this particular image.
[23:14.310 --> 23:20.590]  They received significant amounts of criticism for their modification of this image.
[23:20.590 --> 23:28.190]  This happens a lot, right? When photographers are taking photographs of scenes, they want to enhance their impact.
[23:28.190 --> 23:33.270]  In this one, the impact and the enhancement may not have been that bad.
[23:33.270 --> 23:38.290]  In other words, again, the fact versus fiction issue.
[23:38.290 --> 23:45.470]  But it's still the same thing. They've tried to enhance this image to give us an impression that isn't true.
[23:46.690 --> 23:49.270]  Here's one that's a bit more serious.
[23:49.370 --> 23:52.290]  This was during the time of Hurricane Sandy.
[23:52.290 --> 24:01.070]  And someone put together this particular image of the Statue of Liberty in the foreground and Hurricane Sandy approaching New York Harbor.
[24:01.070 --> 24:13.510]  Obviously, this didn't happen. However, it caused a bit of panic because this ended up as a photograph on a couple of the evening news segments and obviously on the Internet.
[24:13.510 --> 24:18.390]  So people were looking at this and thinking, wow, this is right on top of us. What should we do?
[24:18.530 --> 24:26.450]  So again, these kinds of fakes can have impact on people's lives as we take a look at them if we believe them to be true.
[24:26.450 --> 24:29.390]  Many enhancements were made to this particular image.
[24:29.390 --> 24:34.230]  Obviously, this is a really good one. Obviously, this is a real image of a flying saucer in the desert.
[24:34.330 --> 24:39.870]  We'll talk about this one as we actually walk through the demonstration to talk about how this was in fact created.
[24:39.930 --> 24:43.810]  But again, there's many different ways that we can create these.
[24:43.970 --> 24:54.330]  This is a really good one. This is a selfie of a pilot flying at 300 miles an hour, sticking his head out the cockpit window and taking a selfie of himself.
[24:54.330 --> 25:00.830]  And you notice that it has the plane, the engine, and many different parts of this were actually factored in.
[25:00.830 --> 25:04.750]  The glasses, the tie, flying in the wind, all of that kind of stuff.
[25:04.750 --> 25:10.770]  And we'll talk about how this was actually done and actually break this down for you in a couple of minutes.
[25:10.870 --> 25:13.610]  So some things a little bit more serious.
[25:13.610 --> 25:20.910]  Obviously, this is Vladimir Putin supposedly whispering over Donald Trump's ear, kind of giving him some advice.
[25:20.910 --> 25:25.590]  And obviously, this never happened as well. So we're going to break this one down for you and kind of show you.
[25:25.590 --> 25:31.510]  So this is becoming a little bit more political in nature and how they're being used in this regard.
[25:31.510 --> 25:38.670]  It's a really good one that was created with machine learning to basically bring these two photographs together and make them look realistic.
[25:39.510 --> 25:49.790]  Another political photo with Vladimir Putin shaking the hands of Donald Trump with Merkel in the foreground as well and a lot of folks here.
[25:49.790 --> 25:58.170]  And obviously, we're going to talk about how this image was created and show you where some of the modifications have been made to this particular image.
[25:59.830 --> 26:05.130]  So what we want to talk about is data hiding versus deep fakes.
[26:05.130 --> 26:13.750]  So in other words, we've done a lot of work in data hiding detection, steganography detection in all forms, whether it's images, multimedia, etc.
[26:13.810 --> 26:18.490]  But how does data hiding relate to deep fake?
[26:18.490 --> 26:21.390]  In other words, how do these two things actually come together?
[26:21.390 --> 26:29.330]  Let's take a look at some of the aspects of steganography first, and then we'll talk a little bit about deep fakes.
[26:30.070 --> 26:38.070]  So the etymology of steganography, it comes from the Greek roots steganos for covered and graphi for writing, yielding covered writing.
[26:38.070 --> 26:40.870]  So steganography is all about covered writing.
[26:40.870 --> 26:45.770]  And some of the first known uses of this happened 4,000 years ago.
[26:45.770 --> 26:53.630]  So this has been a technique that has been used in warfare for pretty much ever in order to be able to conceal information and communicate information.
[26:53.630 --> 26:59.990]  So remember, the difference between encryption and steganography is an important thing to remember.
[27:00.050 --> 27:01.630]  We're going to talk about that.
[27:01.670 --> 27:04.030]  The story of Demaratus is one of my favorites.
[27:04.030 --> 27:11.810]  Demaratus was exiled in Persia, and while he was there, he received news that there was going to be an invasion of Greece.
[27:11.810 --> 27:15.930]  He wanted to get back in the good graces of Sparta, so he wanted to get word to them.
[27:15.930 --> 27:23.730]  So he took the tablet of the day, which was a wax tablet where there was wax covered over a wood background.
[27:23.730 --> 27:28.570]  That's the stylus that you see at the top, so it's kind of like an iPad of the day.
[27:28.570 --> 27:35.410]  And you would actually write your message within the wax and hand it off.
[27:35.410 --> 27:48.570]  Well, since he knew that if he tried to get a message out to Sparta this way, they would detect it as the guarders of the gates of where he was exiled would certainly have picked this up.
[27:48.570 --> 27:58.370]  So what he did was he peeled the wax off the tablet and he engraved the message, the secret message, in the wood of the tablet and then passed it by the sentries of the day.
[27:58.750 --> 28:01.270]  He was able to get that by and get the message to them.
[28:01.270 --> 28:06.850]  So it's the physical form of covered writing, of hiding a message underneath something else.
[28:06.850 --> 28:14.550]  In this case, the cover was wax and the writing instrument was a wax tablet that was in fact created.
[28:15.750 --> 28:24.530]  We take a look at images. This is one of my favorites that I use in many of my presentations because it's an image that everybody knows.
[28:24.530 --> 28:30.410]  It has a couple characteristics that make it really a terrible image to use for hiding information.
[28:30.890 --> 28:37.790]  The image on the left is the original. The image on the right has a fairly significant Word document embedded in it.
[28:37.930 --> 28:43.590]  And the reason it's a terrible image is it's one that we all know. We have an expectation of what this is going to look like.
[28:43.590 --> 28:48.250]  We've all seen this image. It's probably one of the most known images in the world.
[28:48.610 --> 28:55.130]  The second is that it has very limited colors in most of the dark shades. Those are not the kinds of things that you use to hide information.
[28:55.130 --> 29:02.770]  However, even so, these two images side by side, the original and the fake, look pretty good.
[29:03.270 --> 29:07.530]  So what if we take a look at these two images in a little different way?
[29:07.530 --> 29:13.250]  In other words, let's render these images differently to see if we can actually see a difference between those.
[29:13.290 --> 29:21.730]  Since this is actually a true color image, the data hiding occurred in the least significant bit of the RGB spectrum.
[29:21.730 --> 29:26.150]  So let's take a look at that from that point of view and see what we get.
[29:26.150 --> 29:31.970]  This is again the original image on the left and you notice if we render just the least significant bit,
[29:31.970 --> 29:40.730]  we find there is in fact information in that least significant bit in the original image that basically is providing the shape of the image.
[29:40.730 --> 29:45.150]  Even though it was only a single color, in this case the red LSB value.
[29:45.150 --> 29:52.250]  If I look at the red LSB value in the image that was stegged, in other words, data was hidden in it,
[29:52.250 --> 29:58.890]  we see the information is completely different because that least significant bit was used to hide the information.
[29:58.890 --> 30:06.890]  So how we render the image and how we actually look at these things is what leads us to the ability to be able to detect the difference between,
[30:06.890 --> 30:12.130]  in this case, real and fake, within a stegged realm.
[30:12.130 --> 30:18.210]  So how do we do this when it's not steganography, when it's actually a fake image?
[30:18.330 --> 30:27.870]  So it all comes down to the concept of intelligent feature extraction and classification so that we can actually train a machine
[30:27.870 --> 30:31.490]  in order to be able to do this using machine learning techniques.
[30:31.490 --> 30:40.250]  But if we don't understand the kinds of features that we need to extract that make a difference between real and fake, it's not going to work.
[30:40.250 --> 30:48.330]  So let's take one of the images that I've shown you so far. We'll take the image of Vladimir Putin kind of giving the thumbs up to Trump and Merkel.
[30:48.990 --> 30:52.150]  Was this a real image? Let's take a detailed look at this.
[30:52.150 --> 30:56.850]  So how do we do that? The first thing we want to do is break the image up into small pieces.
[30:56.890 --> 31:04.050]  Obviously, you break it up into smaller just to kind of illustrate how we do this, we break it up into frames within that particular image.
[31:04.050 --> 31:13.350]  Once we do that, we take each individual frame, for example, the one that is around the hand, the thumbs up from Vladimir Putin.
[31:13.570 --> 31:24.350]  We take that center pixel and we take a look at that center pixel, we want to basically compare it to the adjacent pixels to see if we can find any anomalies
[31:24.350 --> 31:29.250]  within those adjacent pixels that don't occur in the normal image.
[31:29.250 --> 31:38.930]  So this is how we actually are doing this. We actually take that center pixel and we do this throughout the entire image in comparing those adjacent pixels.
[31:38.930 --> 31:51.430]  So we first create a baseline of what normal is across the image and then we're looking for areas of the image that don't conform to that normal behavior between these adjacent pixels that are around it.
[31:51.430 --> 32:00.850]  In order to do that, what we can do then is create a set of sample images that are labeled either fake or real in this particular case.
[32:00.950 --> 32:12.810]  And then we can extract those features that we're interested in, take those features and put them into a set of pandas, in other words, panel data, which is basically kind of like a spreadsheet.
[32:12.810 --> 32:22.270]  And scrub them, basically kind of actually make sure that we have no real outstanding outliers and that kind of stuff and actually scrub that data a little bit.
[32:22.330 --> 32:30.810]  And then what we do is we actually run that through a learning engine like Scikit-Learn or TensorFlow, whatever you want to use.
[32:30.810 --> 32:41.290]  And basically create a model of what is normal. This is supervised learning, obviously, so we're going to basically know when we start this out what's good and bad.
[32:41.290 --> 32:44.470]  The issue is that this is a very interactive process.
[32:45.170 --> 32:57.970]  So once we do this, we have to create the model and we run through this process over and over again until we get both the feature extraction right and we tune the learning engine to learn properly.
[32:57.970 --> 33:05.450]  So at least we can get the images that we use as the model, in other words as the sample images, to come out correctly.
[33:05.450 --> 33:08.950]  In other words, to be able to detect the difference between real and fake.
[33:08.950 --> 33:22.350]  Then what we do is take that to the next level and we bring in images that are real and fake and run them into the model to see if we can identify those.
[33:22.350 --> 33:29.850]  So we do the same feature extraction, we run those through whatever model we have, and then we can actually visualize the results.
[33:29.850 --> 33:36.430]  In other words, what areas of the image are we finding anomalies that we don't find in the rest of the image.
[33:36.430 --> 33:42.510]  So it's kind of a simple take on what we do, but just kind of give you an idea of how this actually functions and works.
[33:42.770 --> 33:47.690]  So with that, you might be saying, OK, well, I'm from Missouri, show me how this works.
[33:47.690 --> 33:54.110]  So the next thing I want to do is kind of give you a quick demonstration of a tool that we've developed that actually puts this into practice.
[33:55.410 --> 33:58.150]  So let's put the machine learning engine to work.
[33:58.150 --> 34:07.910]  I'm actually going to show you a demonstration here of a tool called PX that we've developed in order to be able to do this kind of active analysis of these potential images.
[34:07.990 --> 34:13.110]  So the first thing we're going to do is select an image that we want to actually analyze, that pilot selfie that I've already shown you.
[34:13.670 --> 34:19.250]  And what we're going to do is first come up and create the baseline of that particular image.
[34:19.350 --> 34:25.950]  And then what we're going to do is we're going to go ahead and perform the analysis of that image in order to identify areas of the image that are anomalous.
[34:25.950 --> 34:33.470]  So that we can actually pinpoint areas of the image that we believe were altered in order to create this fake.
[34:33.950 --> 34:39.050]  So you can kind of see, this is what it looks like. The yellow dots basically indicate the areas that we've identified.
[34:39.050 --> 34:43.210]  So you can see that there were multiple components of this image. The tie was added, the glasses were added.
[34:43.210 --> 34:46.590]  Obviously, the pilot was added, you know, to that.
[34:46.590 --> 34:51.990]  You'll notice that the engine actually contains some analysis as well.
[34:51.990 --> 34:56.670]  And the reason for that is because they wanted to make it look like the engine was running, not on some runway.
[34:57.010 --> 34:59.150]  Let's take a look at another one real quick.
[34:59.610 --> 35:04.130]  In this particular case, we'll take a look at the set of Ron and Dwayne Johnson.
[35:04.570 --> 35:14.970]  We'll do the same thing, create the baseline, go ahead and perform the analysis of that image and see if we can identify areas of how that was pieced into that background by Paramount Studios.
[35:15.730 --> 35:19.610]  And of course, we can kind of see the edges of that.
[35:19.610 --> 35:29.010]  You notice the rest of the image is right. So there's edges in the other parts of the image that are not showing up, but only the ones that actually interact with the background in a specific way.
[35:29.390 --> 35:36.530]  Also, there were adjustments to the hair, the eyes, that kind of thing that were modified in order to be able to make this image look better.
[35:36.770 --> 35:45.090]  So that's the second one that we wanted to take a quick look at so you can kind of see how we can actually identify those areas where the image was, in fact, altered.
[35:45.790 --> 35:49.210]  So let's take a look at another one in this particular case.
[35:49.210 --> 35:56.570]  We're going to go ahead and actually look at something just a bit more interesting, in my opinion, that's potentially a bit more dangerous.
[35:56.950 --> 36:07.790]  This was the image that I showed you where Putin was shaking hands with Trump, which obviously never occurred, with Merkel in the background as well.
[36:07.790 --> 36:12.910]  So what we're going to do is basically take a look and see if we can identify areas that that particular image was altered.
[36:12.910 --> 36:19.230]  Obviously, exactly what we expected here, the thumbs up and the hand was actually added to that particular image.
[36:19.230 --> 36:23.610]  So we get all kinds of anomalies being detected around that.
[36:23.610 --> 36:28.810]  So you can kind of almost see exactly how that was actually added to this particular image.
[36:28.810 --> 36:37.130]  And the ML is picking this up as an anomaly based on the extracted features that I talked about earlier that we use.
[36:37.130 --> 36:42.350]  This is a really interesting one. This is the Trump and Putin image.
[36:42.350 --> 36:51.410]  And this one's interesting mainly because there's some features here that we weren't expecting to discover that we actually discovered as part of this particular image.
[36:51.410 --> 36:55.450]  So what we expected to see was where the two images were put together.
[36:55.450 --> 37:01.670]  We can kind of see how they were blended together, but even though it's done really well using AI in order to integrate these two.
[37:01.670 --> 37:05.030]  The other thing we noticed was we found anomalies within Putin's eye.
[37:05.030 --> 37:07.290]  We didn't understand what that was initially.
[37:07.290 --> 37:12.210]  And then we realized later that he wears contacts to enhance the color of his eyes.
[37:12.210 --> 37:14.750]  And we're picking up that anomaly there.
[37:14.750 --> 37:19.450]  In the case of Donald Trump, he has caps on his front teeth to enhance the smile.
[37:19.450 --> 37:21.850]  And therefore we're picking up some of those anomalies as well.
[37:21.850 --> 37:30.110]  So not just anomalies that were actually created by the alterations, but anomalies that were in the original image as well that were in fact dramatic.
[37:30.650 --> 37:32.410]  And then the last one is kind of a fun one.
[37:32.410 --> 37:38.270]  We'll take a look at this image with the flying saucer.
[37:38.270 --> 37:42.310]  This is a little bit larger image, so it's going to take a second to load.
[37:42.310 --> 37:47.330]  So I kind of fast forwarded the analysis part so you didn't have to wait for that.
[37:47.390 --> 37:49.670]  And when we analyzed this one, we noticed there's nothing.
[37:49.670 --> 37:52.450]  We see no changes in this particular image whatsoever.
[37:52.450 --> 37:55.610]  No anomalies that are there no matter how much we zoom in.
[37:55.790 --> 37:59.290]  And that's because this particular image was real.
[37:59.290 --> 38:07.310]  So in other words, either the photograph that was taken was taking up an object that was there to appear like a flying saucer.
[38:07.310 --> 38:14.410]  Or this was a computer generated image where there are no anomalies that we can detect within the particular image.
[38:14.410 --> 38:19.490]  So this can happen when we're actually analyzing images like that.
[38:20.290 --> 38:27.430]  Next I want to kind of walk you through a cool way that we capture these images from social media.
[38:27.630 --> 38:34.590]  One of the questions you might have is how do we actually capture these live videos or live images within the internet?
[38:34.590 --> 38:42.150]  We built a special application that allows us to create bounding boxes around specific areas within the world.
[38:42.210 --> 38:51.130]  In this particular case, I've selected Orlando, Florida, in order to be able to kind of track some of the tweets that are occurring during the rover launch.
[38:51.370 --> 38:53.770]  And I thought this would be a little more fun than something negative.
[38:53.770 --> 38:55.350]  So hopefully you'll enjoy this.
[38:55.350 --> 39:01.450]  And so what we're going to do is actually we selected that bounding box area, 100 miles, for two hours.
[39:01.450 --> 39:03.910]  Obviously I'm only going to play about a minute of this for you.
[39:03.910 --> 39:10.090]  And we're going to start to capture the tweets that occurred along with the images that were posted along with those tweets.
[39:10.530 --> 39:16.930]  So really dramatic. You can kind of see that not only do we capture the tweets, but we also capture the emojis that are there.
[39:16.930 --> 39:19.730]  We convert them to text so you can see what they are.
[39:19.790 --> 39:27.030]  Obviously we have a log of everything that occurred, as well as all the images and all of the text are associated with it.
[39:27.550 --> 39:34.950]  This tool allows us then to pinpoint any area in the country or the world so that we can actually capture live tweets.
[39:34.950 --> 39:39.230]  Many of you may not know, but Twitter will pull down tweets that are offensive, etc.
[39:39.230 --> 39:41.470]  But we can capture them because they're here live.
[39:41.470 --> 39:44.090]  We're capturing these as they occur.
[39:44.090 --> 39:46.330]  In this case, everything is pretty benign.
[39:46.330 --> 39:58.010]  But in certain cases, we want to be able to capture events that are occurring and be able to capture those images and videos that have been altered as they occur.
[39:58.010 --> 40:02.130]  So that we can then perform the analysis of them with the Phelps tool.
[40:02.830 --> 40:10.690]  With that quick introduction of our research and development activities as they are associated with media analysis of disinformation campaigns,
[40:10.690 --> 40:15.310]  we want to thank you for tuning in and always supporting DEF CON.
[40:15.310 --> 40:18.010]  A lot of the innovations in the world happen here.
[40:18.010 --> 40:20.030]  I'm so glad that you were able to make it.
[40:20.290 --> 40:24.890]  If you want to reach out to Mike or me, those are our email addresses.
[40:24.890 --> 40:26.790]  It's probably the best way. We're also on LinkedIn.
[40:26.790 --> 40:28.490]  Obviously, you can find us there.
[40:28.950 --> 40:35.450]  Have a great rest of the conference and hopefully you've learned a lot from this particular event.
[40:35.450 --> 40:42.470]  And hopefully this introduction to media analysis of disinformation campaigns has been worthwhile to you.
[40:42.630 --> 40:44.090]  Have a great rest of the week.
